C613-50170-01 Rev B
Command Reference for x510 Series
1573
AlliedWare Plus™ Operating System - Version 5.4.7-1.x
IP
V
6 H
ARDWARE
A
CCESS
C
ONTROL
L
IST
(ACL) C
OMMANDS
(
NAMED
IP
V
6
HARDWARE
ACL: IP
V
6
PACKET
ENTRY
)
Mode
IPv6 Hardware ACL Configuration (accessed by running the command
access-list (named IPv6 hardware ACL)
Default
On an interface controlled by a hardware ACL, any traffic that does not explicitly
match a filter is permitted.
Usage
To use this command, first run the command
and enter the desired access-list name. This changes the prompt to
awplus(config-ipv6-hw-acl)#.
Then use this command (and the other “named IPv6 hardware ACL: entry”
commands) to add filter entries. You can add multiple filter entries to an ACL.
If you specify a sequence number, the new entry is inserted at the specified
location. If you do not specify a sequence number, the switch puts the entry at the
end of the ACL and assigns it the next available multiple of 10 as its sequence
number.
Once you have configured the ACL, use the
command to apply this ACL to a port, VLAN or QoS class-map. Note
that the ACL will only apply to incoming data packets.
You can use ACLs to redirect packets, by sending them to the CPU, the mirror port,
or a specific VLAN on a specific port. Use such ACLs with caution. They could
prevent control packets from reaching the correct destination, such as EPSR
healthcheck messages and VCStack messages.
Examples
To add a filter entry to the ACL named “my-acl” to block IPv6 traffic sent from
network 2001:0db8::0/64, use the commands:
awplus#
configure terminal
awplus(config)#
ipv6 access-list my-acl
awplus(config-ipv6-hw-acl)#
deny ipv6 2001:0db8::0/64 any
To remove a filter entry from the ACL named “my-acl” that blocks all IPv6 traffic
sent from network 2001:0db8::0/ 64, use the commands:
awplus#
configure terminal
awplus(config)#
ipv6 access-list my-acl
awplus(config-ipv6-hw-acl)#
no deny ipv6 2001:0db8::0/64 any
host
<
ipv6-dest-host
>
Match a single destination host
address.
The IPv6 address uses the format
X:X::X:X.
vlan
<1-4094>
The VLAN to match against. The ACL will match against the
specified ID in the packet’s VLAN tag.
Parameter
Description